github.com/core-coin/go-core/v2@v2.1.9/cmd/gocore/version_check_test.go (about)

     1  // Copyright 2020 by the Authors
     2  // This file is part of go-core.
     3  //
     4  // go-core is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // go-core is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU General Public License
    15  // along with go-core. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package main
    18  
    19  import (
    20  	"encoding/json"
    21  	"fmt"
    22  	"io/ioutil"
    23  	"regexp"
    24  	"strconv"
    25  	"strings"
    26  	"testing"
    27  )
    28  
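// versionUint packs a "vMAJOR.MINOR.PATCH" version string (the leading "v" is
// optional) into a single int, MAJOR*10000 + MINOR*100 + PATCH, so that two
// versions can be ordered with a plain integer comparison.
//
// The packing only orders versions correctly while MINOR and PATCH are below
// 100; a larger component bleeds into the neighbouring field and the
// comparison silently goes wrong. Components beyond the third are ignored.
//
// It panics with a message naming the offending input when v has fewer than
// three dot-separated components or when one of the first three is not a
// decimal integer (for example a "-rc1" suffix on the patch number).
func versionUint(v string) int {
	components := strings.Split(strings.TrimPrefix(v, "v"), ".")
	// Check the shape first: indexing components[1] or [2] on a short input
	// would otherwise abort with an index-out-of-range runtime error that does
	// not say which version string was at fault.
	if len(components) < 3 {
		panic(fmt.Sprintf("versionUint: malformed version %q: want MAJOR.MINOR.PATCH", v))
	}
	var parts [3]int
	for i := range parts {
		n, err := strconv.Atoi(components[i])
		if err != nil {
			panic(fmt.Sprintf("versionUint: malformed version %q: %v", v, err))
		}
		parts[i] = n
	}
	return parts[0]*100*100 + parts[1]*100 + parts[2]
}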
    43  
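// TestMatching checks that every detection regexp in the vulnerability feed
// fixture agrees with that entry's declared version range: for each version
// v1.0.0 through v1.29.29 the regexp in Check must match the full client
// version string exactly when Introduced <= version < Fixed. A regexp that is
// too narrow lets an affected client go unwarned; one that is too broad flags
// a patched client.
func TestMatching(t *testing.T) {
	const fixture = "./testdata/vcheck/vulnerabilities.json"
	data, err := ioutil.ReadFile(fixture)
	if err != nil {
		// Report the read failure itself rather than the misleading
		// "unexpected end of JSON input" that unmarshalling nil would give.
		t.Fatalf("reading %s: %v", fixture, err)
	}
	var vulns []vulnJson
	if err := json.Unmarshal(data, &vulns); err != nil {
		t.Fatal(err)
	}
	if len(vulns) == 0 {
		// An empty feed would make every loop below a no-op and the test
		// would pass without having verified a single rule.
		t.Fatalf("%s contains no entries; nothing would be checked", fixture)
	}

	// rule is one feed entry with its regexp compiled and its version range
	// packed once, instead of redoing both for each of the 900 versions.
	type rule struct {
		vuln              vulnJson
		re                *regexp.Regexp
		introduced, fixed int
	}
	rules := make([]rule, 0, len(vulns))
	for _, vuln := range vulns {
		// Compile every entry, including the one skipped below, so a
		// syntactically broken regexp in the feed is always reported.
		re, err := regexp.Compile(vuln.Check)
		if err != nil {
			t.Fatal(err)
		}
		if vuln.Name == "Denial of service due to Go CVE-2020-28362" {
			// this one is not tied to gocore-versions
			continue
		}
		rules = append(rules, rule{
			vuln:       vuln,
			re:         re,
			introduced: versionUint(vuln.Introduced),
			fixed:      versionUint(vuln.Fixed),
		})
	}

	check := func(version string) {
		vFull := fmt.Sprintf("Gocore/%v-unstable-15339cf1-20201204/linux-amd64/go1.15.4", version)
		current := versionUint(version)
		for _, r := range rules {
			matched := r.re.MatchString(vFull)
			if r.introduced <= current && r.fixed > current {
				// Should be vulnerable
				if !matched {
					t.Errorf("Should be vulnerable, version %v, intro: %v, fixed: %v %v %v",
						version, r.vuln.Introduced, r.vuln.Fixed, r.vuln.Name, r.vuln.Check)
				}
				continue
			}
			if matched {
				t.Errorf("Should not be flagged vulnerable, version %v, intro: %v, fixed: %v %v %d %d %d",
					version, r.vuln.Introduced, r.vuln.Fixed, r.vuln.Name, r.introduced, current, r.fixed)
			}
		}
	}
	// Minor and patch numbers stay below 30 here, well inside the 0-99 range
	// that versionUint's packing can order correctly.
	for major := 1; major < 2; major++ {
		for minor := 0; minor < 30; minor++ {
			for patch := 0; patch < 30; patch++ {
				vShort := fmt.Sprintf("v%d.%d.%d", major, minor, patch)
				check(vShort)
			}
		}
	}
}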